AS2 (Applicability Statement 2) is a specification on how to transport structured business-to-business data securely and reliably over the Internet. Security is achieved by using digital certificates and encryption.
Background
AS2 was created in 2002 by the IETF to replace AS1, which they created in the early 1990s.
The adoption of AS2 grew rapidly throughout the early 2000s because major players in the retail and fast-moving consumer goods industries championed AS2. Walmart was the first major retailer to require its suppliers to use the AS2 protocol instead of relying on dial-up modems for ordering goods. Amazon, Target, Lowe's, Bed, Bath, & Beyond and thousands of others followed suit. Many other industries use the AS2 protocol, including healthcare, as AS2 meets legal HIPAA requirements.
In some cases, AS2 is a way to bypass expensive value-added networks previously used for data interchange.
Technical overview
AS2 is specified in RFC 4130, and is based on HTTP and S/MIME. It was the second AS protocol developed and uses the same signing, encryption and MDN (as defined by RFC 3798) conventions used in the original AS1 protocol introduced in the late 1990s by the IETF.
In other words:
* Files are encoded as "attachments" in a standardized S/MIME message (an AS2 message). AS2 does not specify the contents of the files. Usually, the file contents are in a standardized format that is separately agreed upon, such as XML or EDIFACT.
* AS2 messages are always sent using the HTTP or HTTPS protocol (Secure Sockets Layer, also known as SSL, is implied by HTTPS) and usually use the "POST" method (use of "GET" is rare).
* Messages can be signed, but do not have to be.
* Messages can be encrypted, but do not have to be.
* Messages may request a ''Message Disposition Notification'' (MDN) back if all went well, but do not have to request such a message.
* If the original AS2 message requested an MDN:
** Upon receipt of the message and its successful decryption or signature validation (as necessary), a "success" MDN will be sent back to the original sender. This MDN is typically signed but never encrypted (unless temporarily encrypted in transit via HTTPS).
** Upon the receipt and successful verification of the signature on the MDN, the original sender will "know" that the recipient got their message (this provides the "Non-repudiation" element of AS2).
** If there are any problems receiving or interpreting the original AS2 message, a "failed" MDN may be sent back. However, part of the AS2 protocol states that the client must treat a lack of an MDN as a failure as well, so some AS2 receivers will not return an MDN in this case.
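The sender-side MDN handling from the list above, as an added example (not code from the original page or from any AS2 product): it checks a returned MDN against the message that was sent and treats a missing MDN as a failure. Verification of the MDN's S/MIME signature is assumed to have been done beforehand by an S/MIME library; the sample content, Message-ID, allowed-algorithm set and function names are constructed for the illustration.

```python
import base64
import hashlib
from email import message_from_bytes

SENT_MESSAGE_ID = "<constructed-0001@sender.example>"  # constructed sample
SENT_CONTENT = b"UNH+1+ORDERS:D:96A:UN'"               # constructed sample
ALLOWED_MIC_ALGS = {"sha1", "sha256", "sha384", "sha512"}  # local policy (assumption)

def compute_mic(content: bytes, alg: str = "sha256") -> str:
    """Base64 digest; assumes the MIC covers exactly these bytes (simplified)."""
    return base64.b64encode(hashlib.new(alg, content).digest()).decode()

def sample_mdn(disposition: str, mic: str) -> bytes:
    """Constructed, unsigned MDN used only to exercise check_mdn()."""
    return f"""Content-Type: multipart/report; report-type=disposition-notification; boundary="b1"

--b1
Content-Type: text/plain

Constructed sample receipt.
--b1
Content-Type: message/disposition-notification

Original-Message-ID: {SENT_MESSAGE_ID}
Disposition: automatic-action/MDN-sent-automatically; {disposition}
Received-Content-MIC: {mic}, sha256

--b1--
""".encode()

def check_mdn(raw_mdn, sent_message_id: str, sent_content: bytes):
    """Return (ok, reason). No MDN at all is a failure, as AS2 requires."""
    if not raw_mdn:
        return False, "no MDN received"
    fields = None
    for part in message_from_bytes(raw_mdn).walk():
        if part.get_content_type() == "message/disposition-notification":
            fields = part.get_payload(0)  # the MDN fields parse as a header block
    if fields is None:
        return False, "no disposition-notification part"
    if (fields["Original-Message-ID"] or "").strip() != sent_message_id:
        return False, "MDN refers to a different message"
    status = (fields["Disposition"] or "").split(";")[-1].strip().lower()
    if status != "processed":
        return False, "receiver reported: " + status
    mic, _, alg = (fields["Received-Content-MIC"] or "").partition(",")
    alg = alg.strip().lower().replace("-", "")
    if alg not in ALLOWED_MIC_ALGS or mic.strip() != compute_mic(sent_content, alg):
        return False, "MIC mismatch or unsupported algorithm"
    return True, "processed"
```

Only a plain "processed" disposition is accepted here; that strictness is a choice made for this example.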
Like any other AS file transfer, AS2 file transfers typically require both sides of the exchange to trade X.509 certificates and specific "trading partner" names before any transfers can take place. AS2 trading partner names can usually be any valid phrase.
MDN options
Unlike AS1 or AS3 file transfers, AS2 file transfers offer several "MDN return" options instead of the traditional options of "yes" or "no". Specifically, the choices are:
AS2 w/ "Sync" MDNs
''Return Synchronous MDN via HTTP(S) ("AS2 Sync")'' - This popular option allows AS2 MDNs to be returned to AS2 message sender clients over the same HTTP connection they used to send the original message. This "MDN while you wait" capability makes "AS2 Sync" transfers the fastest of any type of AS file transfer, but it also keeps this flavor of MDN requests from being used with large files (which may time out in low-bandwidth situations).
AS2 w/ "ASync" MDNs
''Return Asynchronous MDN via HTTP(S) (a.k.a. "AS2 Async")'' - This popular option allows AS2 MDNs to be returned to the AS2 message sender's server later over a different HTTP connection. This flavor of MDN request is usually used if large files are involved or if your trading partner's AS2 server has poor Internet service.
AS2 w/ "Email" MDNs
''Return (Asynchronous) MDN via Email'' - This rarely used option allows AS2 MDNs to be returned to AS2 message senders via email rather than HTTP. Otherwise, it is similar to "AS2 Async (HTTP)".
AS2 w/ No MDNs
''Do not return MDN'' - This option works like it does in any other AS protocol: the receiver of an AS2 message with this option set simply does not try to return an MDN to the AS2 message sender.
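How a receiver can tell the four MDN options apart from the request headers, as an added example (not code from the original page or from any AS2 product). It relies on the RFC 4130 headers Disposition-Notification-To, Disposition-Notification-Options and Receipt-Delivery-Option; treating a mailto: return address as the email option and rejecting other schemes are assumptions of this sketch, and the sample headers and names are constructed.

```python
from email import message_from_string
from urllib.parse import urlsplit

# Constructed sample request headers (partner names and URLs are illustrative).
SAMPLE_HEADERS = """AS2-From: SupplierA
AS2-To: RetailerB
Message-ID: <constructed-0002@supplier.example>
Disposition-Notification-To: edi@supplier.example
Disposition-Notification-Options: signed-receipt-protocol=optional, pkcs7-signature; signed-receipt-micalg=optional, sha256
Receipt-Delivery-Option: https://as2.supplier.example/mdn

"""

# Assumption: mailto: selects the email option; anything unlisted is rejected.
MODES = {"http": "async-http", "https": "async-http", "mailto": "async-email"}

def mdn_plan(raw_headers: str) -> dict:
    """Decide whether and how to return an MDN for one inbound AS2 message."""
    h = message_from_string(raw_headers)
    plan = {"mode": "none", "signed": False, "micalg": None, "return_to": None}
    if h["Disposition-Notification-To"] is None:
        return plan  # the sender did not ask for an MDN
    opts = {}
    for item in (h["Disposition-Notification-Options"] or "").split(";"):
        name, _, value = item.partition("=")
        opts[name.strip().lower()] = [v.strip().lower() for v in value.split(",")]
    plan["signed"] = "signed-receipt-protocol" in opts
    algs = opts.get("signed-receipt-micalg", [])
    plan["micalg"] = algs[1] if len(algs) > 1 else None  # algs[0] is the importance
    url = (h["Receipt-Delivery-Option"] or "").strip()
    if not url:
        plan["mode"] = "sync"  # answer on the same HTTP connection
    else:
        # Unknown schemes are rejected rather than followed (added policy choice).
        plan["mode"] = MODES.get(urlsplit(url).scheme.lower(), "reject")
        plan["return_to"] = url
    return plan
```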
Filename preservation
The AS2 filename preservation feature is used to communicate the filename to the trading partner. The banking industry relies on filenames being communicated between trading partners. AS2 vendors are currently certifying that implementation of filename communication conforms to the standard and is interoperable.
There are two profiles for filename preservation being optionally tested under AS2 testing:
*Filename preservation without MDN responses
*Filename preservation with an associated MDN response certification
Benefits
For many businesses, the use of AS2 and electronic data interchange (EDI) is not a choice so much as it is a requirement of doing business with a large customer or partner. That said, AS2 is a universal protocol that provides many benefits, from both business and technology vantage points.
Business case
* Cut costs: by using the web for EDI file transfers, AS2 reduces the cost of transactions compared with expensive VANs.
* Extend EDI to more partners; with lower costs and universal web connectivity, AS2 allows organizations to implement EDI with partners worldwide that have little EDI infrastructure.
* Save time by eliminating the need to manually process orders.
* Eliminate errors by turning manual processes into automated processes.
* Universal solution — AS2 is established and tested, so no one has to re-invent the wheel.
Technological advantages
* Leverage the web: if an organization can share data securely via the web, they already have much of the infrastructure for AS2.
* Unlimited EDI data — there are no practical limitations on transaction sizes via the web, and AS2 includes features for managing large transfers.
* Payload Agnostic — AS2 can be used to transport any type of document. While EDI X12, EDIFACT and XML are common, any mutually agreed-upon format may be transferred.
See also
* AS1
* AS3
* AS4
External links
* RFC 4130 - AS2 specification
* AS2: Part 1 - What Is It? AS2 series by Loren Data Corp.
* AS2: Part 2 - Best Practices. AS2 series by Loren Data Corp.
* AS2: Part 3 - Certificates. AS2 series by Loren Data Corp.